package com.mao.gateway;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;

import javax.sql.DataSource;

/**
 * @author Administrator
 */
@Configuration
public class SecurityConfig_2 extends WebSecurityConfigurerAdapter {

    @Autowired
    UserDetailsService userDetailsService;

    // 注入数据源
    @Autowired
    private DataSource dataSource;

    // 配置对象
    @Bean
    public PersistentTokenRepository persistentTokenRepository(){
        JdbcTokenRepositoryImpl jdbcTokenRepository = new JdbcTokenRepositoryImpl();
        jdbcTokenRepository.setDataSource(dataSource);
        return jdbcTokenRepository;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(password());
    }

    @Bean
    PasswordEncoder password(){
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin()
                // 登录页面设置
                .loginPage("/login.html")
                //登录路径设置
                .loginProcessingUrl("/user/login")
                // 默认成功页面路径
                .defaultSuccessUrl("/success.html").permitAll()
                .and().authorizeRequests()
                    // 设置哪些路径可以访问 无需认证
                    .antMatchers("/","/test/hello","/user/login").permitAll()
                    // 1 hasAuthority 当前登录用户 只有具有admin权限的才能访问 (不允许多个角色)
//                    .antMatchers("/success/index").hasAuthority("admin")

                    // 2 hasAnyAuthority 当前登录用户 只有具有admin manager权限的才能访问 (允许多个角色)
//                    .antMatchers("/success/index").hasAnyAuthority("admin,manager")

                    // 3 hasRole ROLE_admin (不允许多个角色)
                    .antMatchers("/success/index").hasRole("admin")
                    // 4 hasAnyRole ROLE_admin (允许多个角色)
//                    .antMatchers("/success/index").hasAnyRole("admin")

                    .anyRequest().authenticated()
                .and().rememberMe().tokenRepository(persistentTokenRepository())
                // 设置有效时长 单位 秒
                .tokenValiditySeconds(60)
                .userDetailsService(userDetailsService);
                // 关闭csrf防护
//                .and().csrf().disable();

        // 配置没有权限访问跳转的自定义界面
        http.exceptionHandling().accessDeniedPage("/error/403.html");

        // 退出登录
        http.logout().logoutUrl("/logout").logoutSuccessUrl("/test/hello").permitAll();
    }
}
